Configuring the firewall for Leopard
Christopher Hunt
huntc at internode.on.net
Sat Oct 27 20:30:31 PDT 2007
Ah ha - you were on the right track. I tried modifying the
com.apple.alf property list myself and played around with some of its
settings, restarted socketfilterfw (what looks to be the firewall
process) and Firewall (a user agent - probably for trapping socket
access and asking the user what they want to do etc.). In the end I
rebooted and then the firewall started asking me if I wanted to allow
imapd to connect... then I thought that it had nothing to do with my
mods - simply some timing thing... I then restored the plist back to
what it was, selected "Set access for specific services and
applications", rebooted and presto, the firewall asked me about
imapd's access.

So, here's what you do to enable firewall access for launchd based
user daemons:

1. Select "Set access for specific services and applications"
2. Reboot.

Thanks for the inspiration.

Cheers,
-C

On 28/10/2007, at 10:30 AM, Derek Chesterfield wrote:
> Did you try restarting the daemon after you added imapd to the
> firewall?
> The firewall allows/denies when the process opens the listening, not
> for each inbound request.
>
> On 28 Oct 2007, at 00:02, Christopher Hunt wrote:
>
>> Allow me to rephrase my question. :-)
>>
>> I'm having difficulty configuring the Leopard firewall for a
>> service installed via launchd. My service sits on port 993. How do
>> I configure the Leopard firewall to allow incoming traffic on port
>> 993?
>>
>> From what I can see, I can only declare applications via the "Set
>> access for specific services and applications" pane. If I chose the
>> application logically associated with that socket (/usr/local/bin/
>> imapd) then I am not able to connect. However if I disable the
>> firewall (allow all incoming traffic) then my imap clients connect
>> to port 993 successfully.
>>
>> Any pointers further to this and my previous posts?
>>
>> Cheers,
>> -C
>>
>> P.S. port 993 is used to accept imap traffic over ssl - imaps;
>> sorry for not being more specific. From /etc/services:
>> imaps 993/udp # imap4 protocol over TLS/SSL
>> imaps 993/tcp # imap4 protocol over TLS/SSL
>>
>> On 28/10/2007, at 5:40 AM, Dan Shoop wrote:
>>
>>> Oh Leopard. Missed that.
>>>
>>> In that case remove "ipfw" and replace with the word "this".
>>>
>>> And re-read what I said in the last post. Because the answer here
>>> is still going to come down to that if you just enabled the imap
>>> port, however did that with whatever firewall, you've not enabled
>>> port 993 since imap doesn't run on that port.
>>>
>> _______________________________________________
>> MacOSX-admin mailing list
>> MacOSX-admin at omnigroup.com
>> http://www.omnigroup.com/mailman/listinfo/macosx-admin